Attackers exploit non patches Flash leak of Hacking Team – Update




A zero day -exploit that comes from the embattled security firm Hacking Team, is abused in at least three different exploit kits. The exploit is from the hack Hacking Team, with 400 gigabytes was posted online to internal files.

Flash The hack Hacking Team, which makes spying software for governments, attackers were about 400 gigabytes of internal files loot. There’s not only internal e-mail correspondence, but also details of security issues that abused the controversial company, for example, to place malware on systems of ‘suspects’.

At least one of these vulnerabilities being exploited in the wild, writes security researcher JuK on the blog Malware Do not Need Coffee. The security problem makes it possible to carry out self-code on a system, and operates, inter alia, in Chrome on Windows.

The bug is currently being abused probably already operates in three kits: Angler, Neutrino and Nuclear. Exploit kits can be purchased by attackers to inject without too much difficulty victims’ computers with malware. The exploit kit does so with the aid of known security vulnerabilities in software, which can, inter alia, be served via infected advertisements. With the aid of the operating-kit was to be installed under more adware, but also ransomware, wherein files are encrypted, and users have to pay to get back to their files.

The security issue is a zero day, which means there is no patch is available yet. Adobe would plan to quickly release a patch, possibly Wednesday or Thursday, but users are vulnerable at the time of writing. Security company Symantec advises users to disable Flash. Also, plug-ins are blocked or click-to-play are made.

In the 400 gigabytes of Hacking Team data are even more vulnerable. According to security researcher Yonathan Klijnsma: this includes a bug in SELinux under Android. There would also be present in an exploit a bug for Windows that attackers with access to the system will gain higher privileges. However, it is unclear whether this is a non issue patches. Since these files to a whopping 400 gigabytes, it is likely that additional, currently undiscovered vulnerabilities exist.

Update, 15:08: Meanwhile the bug is squashed, confirms beveiligingsonderoeker JuK opposite Security Week.


In: Technology & Gadgets Asked By: [15444 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »